You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by to...@apache.org on 2017/03/21 00:16:41 UTC
[34/51] [partial] kudu git commit: Update docs, add 1.3 release

http://git-wip-us.apache.org/repos/asf/kudu/blob/d114777e/docs/known_issues.html
----------------------------------------------------------------------
diff --git a/docs/known_issues.html b/docs/known_issues.html
index c11ef4d..fd3574c 100644
--- a/docs/known_issues.html
+++ b/docs/known_issues.html
@@ -2,7 +2,7 @@
 title: Known Issues and Limitations
 layout: default
 active_nav: docs
-last_updated: 'Last updated 2017-01-26 16:14:09 PST'
+last_updated: 'Last updated 2017-03-10 12:47:33 PST'
 ---
 <!--
 
@@ -126,12 +126,26 @@ or use large tables.</p>
 <div class="ulist">
 <ul>
 <li>
-<p>Authentication and authorization features are not implemented.</p>
+<p>Authorization is only available at a system-wide, coarse-grained level. Table-level,
+column-level, and row-level authorization features are not available.</p>
 </li>
 <li>
-<p>Data encryption is not built in. Kudu has been reported to run correctly
+<p>Data encryption at rest is not built in. Kudu has been reported to run correctly
 on systems using local block device encryption (e.g. <code>dmcrypt</code>).</p>
 </li>
+<li>
+<p>Kudu server Kerberos principals must follow the pattern <code>kudu/&lt;HOST&gt;@DEFAULT.REALM</code>.
+Configuring an alternate Kerberos principal is not supported.</p>
+</li>
+<li>
+<p>Kudu&#8217;s integration with Apache Flume does not support writing to Kudu clusters that
+require Kerberos authentication.</p>
+</li>
+<li>
+<p>Kudu client instances retrieve authentication tokens upon first contact with the
+cluster. These tokens expire after one week. Use of a single Kudu client instance
+for more than one week is not supported.</p>
+</li>
 </ul>
 </div>
 </div>

http://git-wip-us.apache.org/repos/asf/kudu/blob/d114777e/docs/kudu-master_configuration_reference.html
----------------------------------------------------------------------
diff --git a/docs/kudu-master_configuration_reference.html b/docs/kudu-master_configuration_reference.html
index ed929db..8a44ecb 100644
--- a/docs/kudu-master_configuration_reference.html
+++ b/docs/kudu-master_configuration_reference.html
@@ -2,7 +2,7 @@
 title: kudu-master Flags
 layout: default
 active_nav: docs
-last_updated: 'Last updated 2017-02-02 14:03:11 PST'
+last_updated: 'Last updated 2017-03-20 16:43:12 PDT'
 ---
 <!--
 
@@ -178,6 +178,35 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_keytab_file"><a class="link" href="#kudu-master_keytab_file"><code>--keytab_file</code></a></h3>
+<div class="paragraph">
+<p>Path to the Kerberos Keytab file for this server. Specifying a keytab file will cause the server to kinit, and enable Kerberos to be used to authenticate RPC connections.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_rpc_bind_addresses"><a class="link" href="#kudu-master_rpc_bind_addresses"><code>--rpc_bind_addresses</code></a></h3>
 <div class="paragraph">
 <p>Comma-separated list of addresses to bind to for RPC connections. Currently, ephemeral ports (i.e. port 0) are not allowed.</p>
@@ -207,6 +236,93 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_superuser_acl"><a class="link" href="#kudu-master_superuser_acl"><code>--superuser_acl</code></a></h3>
+<div class="paragraph">
+<p>The list of usernames to allow as super users, comma-separated. A '*' entry indicates that all authenticated users are allowed. If this is left unset or blank, the default behavior is that the identity of the daemon itself determines the superuser. If the daemon is logged in from a Keytab, then the local username from the Kerberos principal is used; otherwise, the local Unix username is used.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">sensitive,stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_user_acl"><a class="link" href="#kudu-master_user_acl"><code>--user_acl</code></a></h3>
+<div class="paragraph">
+<p>The list of usernames who may access the cluster, comma-separated. A '*' entry indicates that all authenticated users are allowed.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><code>*</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">sensitive,stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_webserver_certificate_file"><a class="link" href="#kudu-master_webserver_certificate_file"><code>--webserver_certificate_file</code></a></h3>
+<div class="paragraph">
+<p>The location of the debug webserver&#8217;s SSL certificate file, in PEM format. If empty, webserver SSL support is not enabled</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_webserver_port"><a class="link" href="#kudu-master_webserver_port"><code>--webserver_port</code></a></h3>
 <div class="paragraph">
 <p>Port to bind to for the web server</p>
@@ -236,6 +352,64 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_webserver_private_key_file"><a class="link" href="#kudu-master_webserver_private_key_file"><code>--webserver_private_key_file</code></a></h3>
+<div class="paragraph">
+<p>The full path to the private key used as a counterpart to the public key contained in --ssl_server_certificate. If --ssl_server_certificate is set, this option must be set as well.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_webserver_private_key_password_cmd"><a class="link" href="#kudu-master_webserver_private_key_password_cmd"><code>--webserver_private_key_password_cmd</code></a></h3>
+<div class="paragraph">
+<p>A Unix command whose output returns the password used to decrypt the Webserver&#8217;s certificate private key file specified in --webserver_private_key_file. If the PEM key file is not password-protected, this command will not be invoked. The output of the command will be truncated to 1024 bytes, and then all trailing whitespace will be trimmed before it is used to decrypt the private key</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_log_filename"><a class="link" href="#kudu-master_log_filename"><code>--log_filename</code></a></h3>
 <div class="paragraph">
 <p>Prefix of log filename - full path is &lt;log_dir&gt;/&lt;log_filename&gt;.[INFO|WARN|ERROR|FATAL]</p>